The dewdrop package

Traditional buffer-overflow attacks work by filling a data buffer with
exploit code and then redirecting execution to that buffer. As a
countermeasure, modern operating systems will forbid (by default) the
execution of writable memory regions.

Return-oriented programming [1] is an alternative exploitation strategy
that works around this restriction. The exploit payload is built by
chaining together short code sequences ("gadgets") which are already
present in the exploited program, and thus are allowed to be executed.

dewdrop is a Haskell library for finding useful gadgets in 32- and 64-bit
x86 ELF binaries. You can describe the desired gadget properties with a
Haskell function, and use the Dewdrop module to make a customized
gadget-finder program. Or you can import Dewdrop.Analyze and integrate
this functionality into a larger program.
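
The execution restriction described in the first paragraph can be checked on any 32- or 64-bit ELF binary by reading its program headers. The following is an added example, not part of dewdrop and not code from its author (Python rather than Haskell; the names audit_segments and build_sample are hypothetical): it reports segments that are both writable and executable. The sample images are constructed headers with no code in them.

```python
import struct

PT_LOAD, PT_GNU_STACK = 1, 0x6474E551   # program header types (ELF spec / GNU)
PF_X, PF_W = 0x1, 0x2                   # segment permission bits

def audit_segments(data):
    """Return findings for segments of an ELF image that break W^X."""
    if data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("not a valid ELF header")
    is64, end = data[4] == 2, "<" if data[5] == 1 else ">"
    if is64:   # Elf64_Ehdr: e_phoff @0x20, e_phentsize @0x36, e_phnum @0x38
        phoff, = struct.unpack_from(end + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:      # Elf32_Ehdr: e_phoff @0x1C, e_phentsize @0x2A, e_phnum @0x2C
        phoff, = struct.unpack_from(end + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
    findings, saw_stack = [], False
    for i in range(phnum):
        off = phoff + i * phentsize
        p_type, = struct.unpack_from(end + "I", data, off)
        # p_flags follows p_type in Elf64_Phdr, but sits at offset 24 in Elf32_Phdr
        p_flags, = struct.unpack_from(end + "I", data, off + (4 if is64 else 24))
        if p_type == PT_LOAD and p_flags & PF_W and p_flags & PF_X:
            findings.append(f"phdr {i}: LOAD segment is writable and executable")
        elif p_type == PT_GNU_STACK:
            saw_stack = True
            if p_flags & PF_X:
                findings.append(f"phdr {i}: GNU_STACK requests an executable stack")
    if not saw_stack:
        findings.append("no GNU_STACK header: stack permissions left to loader default")
    return findings

def build_sample(is64, segments):
    """Constructed little-endian image: ELF header plus program headers only."""
    ident = b"\x7fELF" + bytes([2 if is64 else 1, 1, 1]) + b"\0" * 9
    if is64:   # e_machine 62 = EM_X86_64, 64-byte header, 56-byte phdrs
        hdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                                  64, 56, len(segments), 0, 0, 0)
        phs = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0)
                       for t, f in segments)
    else:      # e_machine 3 = EM_386, 52-byte header, 32-byte phdrs
        hdr = ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0,
                                  52, 32, len(segments), 0, 0, 0)
        phs = b"".join(struct.pack("<IIIIIIII", t, 0, 0, 0, 0, 0, f, 0)
                       for t, f in segments)
    return hdr + phs
```
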